Hi, I am making a Twitter-like application in JSF. So far I have completed creating new sessions for users. Then I wrote code for checking the number of users online using session listeners. Then I encountered a problem: as soon as I request the Faces application, even for the first time (i.e. the application homepage), a new session is automatically created. Is there any relation between the starting of a JSF application and session creation?
An HttpSession object stores login context, but you don't have to be logged in to have a session.
One of JSF's primary features is Managed Beans, where JSF will automatically construct and initialize beans on demand. If the bean in question is in session scope (also View scope in JSF2), then JSF will automatically construct an HttpSession to hold it. Since JSF requires session-scope objects more often than most J2EE frameworks, JSF apps tend to create sessions fairly soon after a user hits the site.
So counting sessions is not a good metric for number of logged-in users. For that, your login process itself is a better place to capture the logged-in user count.
If you're using a DIY login process (which I generally don't recommend), you can simply update a counter when the user logs in. Decrement it from a session destruction listener as the user logs out. If you're using container-managed security, there's no user code for login, but there's a way to detect when a user has just logged in via a ServletFilter.
A good place to maintain the logged-in user counter is in a Managed Bean that's in application scope, since app scope data is shared by all sessions. Just remember to make the counter thread-safe!
An IDE is no substitute for an Intelligent Developer.
simranjit singh sandhu
Thanks!!! But as you have said, I am already using session create listeners and session destroy listeners to keep track of logged-in users. Can you tell me how I can keep track of logged-in users using an application-scoped bean, or can I create custom event listeners in the login method?
As I said, you can have a session without being logged in, so a sessioncreatelistener won't do.
There is no such thing as a "login event" or "login method" in J2EE's built-in security system. When you use J2EE standard container-managed security, the login process is part of the server, not part of the application, and the server can't pass a login event to the app because not all security realms guarantee that you "log in" to the application. For example, when using single signon, the login is done once, and that once may have been long before the user requested that particular app.
When using a Do It Yourself Security System, the login works however you designed it to work (which for most people is to say badly, which is why I discourage DIYSS).
To track logged-in users using an app-scope javabean, make it implement a Set of login IDs or counter, depending on whether or not you want to track actual user IDs or just the total number of signed-on users. Then provide a thread-safe method(s) to call on login and logout that will update that Set or counter.
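A sketch of the app-scope tracker described in the reply above, as an added example that is not code from the thread. The class and method names are hypothetical, and it assumes Java 10 or later and that the same login ID may be signed on from several sessions at once, so it keeps a per-ID session count rather than a bare Set.

```java
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;

// Hypothetical class name. In a JSF app this would be registered as an
// application-scoped managed bean so that every session shares one instance.
public class LoggedInUsers {
    // login ID -> number of live logged-in sessions for that ID
    private final ConcurrentHashMap<String, Integer> sessions = new ConcurrentHashMap<>();

    // Call once authentication has succeeded, never on session creation.
    public void login(String userId) {
        sessions.merge(userId, 1, Integer::sum);   // atomic per key
    }

    // Call on logout and from the session destruction listener. Remove the ID
    // from the session on explicit logout so the listener cannot decrement twice.
    public void logout(String userId) {
        // Returning null removes the entry; IDs that never logged in are ignored.
        sessions.computeIfPresent(userId, (id, n) -> n > 1 ? n - 1 : null);
    }

    public int count() { return sessions.size(); }

    public Set<String> userIds() { return Set.copyOf(sessions.keySet()); }

    public static void main(String[] args) throws InterruptedException {
        LoggedInUsers tracker = new LoggedInUsers();
        ExecutorService pool = Executors.newFixedThreadPool(8);
        // Constructed workload: 100 users, each logging in from 2 sessions.
        for (int i = 0; i < 100; i++) {
            String id = "user" + i;
            pool.execute(() -> tracker.login(id));
            pool.execute(() -> tracker.login(id));
        }
        pool.shutdown();
        pool.awaitTermination(5, TimeUnit.SECONDS);
        System.out.println("distinct users online: " + tracker.count());

        tracker.logout("user0");    // one of the two sessions ends
        System.out.println("user0 still online: " + tracker.userIds().contains("user0"));
        tracker.logout("user0");    // last session ends
        tracker.logout("nobody");   // expired session that never logged in
        System.out.println("distinct users online: " + tracker.count());
    }
}
```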